DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

"Local User" with outside IP address in logs

  • shaneoh1980
  • Topic Author
  • User
28 Sep 2016 08:02 #1 by shaneoh1980
Hi all,

I have a Vigor 2860 using firmware 3.7.4.3. It's configured to use two WANs. One dedicated fibre connection is the primary connection, and an ADSL connection is configured only for guest access and as a failover.
In the last couple of weeks, we've had frequent occurrences of having a lost connection for all users. Only a reboot seems to resolve this, and it often happens in clusters. It's happening most days.
I've been looking at the logs and there is some weird activity around the disconnection times, but one entry in particular that seems to show up is puzzling me. I'm not a network administrator and I'm not sure how to interpret this. The logs show:

Code:
<150>Sep 27 17:01:06 Vigor_Draytek2860: Local User: 94.43.11.219 -> 192.168.1.106 (ICMP) Destination Unreachable


192.168.1.106 is the IP of our NAS. Presumably these connections are failing as we have a non-standard port for all types of connections to this along with other security controls.

What's confusing me is the way that I interpret this is that someone with an outside IP address (94.43.11.219) appears to be listed as a Local User. I look up this address and it seems to be registered by an ISP in the Middle East, perhaps Turkey going by the trace route. So I have three questions here.

1) Am I right that this outside user is somehow being considered as a local user?
2) If so, how is this possible when they are clearly outside the local user IP range?
3) Could this explain the disconnections?

Other weird log entries are below and if anyone has any ideas as to why our connection is dropping I'd appreciate any input. There appear to be some DoS attempts and I don't know if this could explain it.

Code:
<150>Sep 27 17:00:04 Vigor_Draytek2860: [WLAN] Receive EAPoL-Key frame from STA 58-1F-AA-CE-B1-53
<150>Sep 27 17:00:04 Vigor_Draytek2860: [WLAN] WPA: recieve Msg2 of 4-way (58-1F-AA-CE-B1-53)
<150>Sep 27 17:00:04 Vigor_Draytek2860: [WLAN] WPA: send Msg3 of 4-way
<150>Sep 27 17:00:04 Vigor_Draytek2860: [WLAN] Receive EAPoL-Key frame from STA 58-1F-AA-CE-B1-53
<150>Sep 27 17:00:04 Vigor_Draytek2860: [WLAN] WPA: recieve Msg4 of 4-way (58-1F-AA-CE-B1-53)
<150>Sep 27 17:00:04 Vigor_Draytek2860: [WLAN] AP SETKEYS DONE - WPA2, AuthMode(7)=WPA2PSK, WepStatus(6)=AES, GroupWepStatus(6)=AES from 58:1f:aa:ce:b1:53


Code:
<150>Sep 27 17:00:09 Vigor_Draytek2860: WLAN_DBG - MLME Disassoc MAC 58:1f:aa:ce:b1:53
<150>Sep 27 17:00:09 Vigor_Draytek2860: WLAN_DBG - Dot1x_session_stop


Code:
<129>Sep 27 17:00:16 Vigor_Draytek2860: [DOS][Block][trace_route][209.177.166.204:13329->78.158.54.135:33436][UDP][HLen=20, TLen=32]
<129>Sep 27 17:00:20 Vigor_Draytek2860: [DOS][Block][trace_route][209.177.166.204:13329->78.158.54.135:33436][UDP][HLen=20, TLen=32]


  • sjltech.uk
  • User
30 Sep 2016 21:51 #2 by sjltech.uk
Replied by sjltech.uk on topic Re: "Local User" with outside IP address in logs
Just an observation that the MAC address (58-1F-AA-xx-xx-xx) appears to be an Apple device and the Dot1x message is to do with IEEE 802.1x port-based authentication, so it does look a bit suspicious...

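Added example, not part of the thread or DrayTek's own tooling: a small Python triage script for syslog text like that pasted in the first post. It splits run-together entries, decodes the `<PRI>` prefix into facility and severity (standard syslog: PRI = facility * 8 + severity), and marks entries where a public source address is logged against a private LAN address. The names `parse`, `SAMPLE`, `ENTRY` and `FLOW` are made up for this example; the sample lines are copied from the post.

```python
import ipaddress
import re

# Sample input: three entries from the first post, run together as pasted.
SAMPLE = (
    "<150>Sep 27 17:01:06 Vigor_Draytek2860: Local User: 94.43.11.219 -> "
    "192.168.1.106 (ICMP) Destination Unreachable "
    "<129>Sep 27 17:00:16 Vigor_Draytek2860: [DOS][Block][trace_route]"
    "[209.177.166.204:13329->78.158.54.135:33436][UDP][HLen=20, TLen=32] "
    "<150>Sep 27 17:00:09 Vigor_Draytek2860: WLAN_DBG - Dot1x_session_stop"
)

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# One entry: <PRI>, timestamp, host, then message up to the next <PRI> or end.
ENTRY = re.compile(
    r"<(\d{1,3})>(\w{3} +\d+ [\d:]{8}) (\S+?): (.*?)"
    r"(?=\s*<\d{1,3}>\w{3} |\s*$)",
    re.S,
)
# "a.b.c.d -> e.f.g.h" or "a.b.c.d:port->e.f.g.h:port"
FLOW = re.compile(r"(\d+\.\d+\.\d+\.\d+)(?::\d+)? ?-> ?(\d+\.\d+\.\d+\.\d+)")


def parse(blob):
    """Split run-together syslog text into entries and decode each PRI value."""
    entries = []
    for pri, stamp, host, msg in ENTRY.findall(blob):
        pri = int(pri)
        entry = {
            "facility": pri >> 3,              # upper bits of PRI
            "severity": SEVERITIES[pri & 7],   # lower three bits of PRI
            "time": stamp, "host": host, "msg": msg.strip(),
            "src": None, "dst": None, "public_to_lan": False,
        }
        flow = FLOW.search(msg)
        if flow:
            src, dst = (ipaddress.ip_address(a) for a in flow.groups())
            entry["src"], entry["dst"] = str(src), str(dst)
            # Public source logged against an RFC 1918 host: review these first.
            entry["public_to_lan"] = src.is_global and dst.is_private
        entries.append(entry)
    return entries


if __name__ == "__main__":
    for e in parse(SAMPLE):
        print(e["time"], e["severity"], e["src"], e["dst"], e["public_to_lan"])
```
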